Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am new too magento. I have one problem to create an activation key for a downloadable product. I hide my text field in my product page. But the hackers, if they use firebug then they change the text value very easily and it ll store in the db. Any one can help me?
Thanks
You should never rely on hidden fields for security. If this key is secret you should never send it to the user browser, keep it in the backend.
Never store user input in the database without cleaning it first.
Always treat your user as he/she is a hacker. I suggest you read more information here:
http://owasp.com/index.php/Main_Page
PS: If I may add, Firebug has nothing to do with the issue. There are countless tools that can do this. eg. All the browsers allow you to view the source, hence the hidden fields are actually visible to any user. Most of the modern ones have incorporated developer tools, eg. f12 in IE.